Re: Howto make ISA server a VPN client

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 31 Mar 2003 21:28:56 -0600

Hi Mark,

I'm not clear what you mean by RRAS on ISA itself. Do you want to set up
a VPN server or VPN gateway? Or, as you trying to make the ISA Server a
VPN client? 

Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] 
Sent: Saturday, March 29, 2003 1:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Howto make ISA server a VPN client


http://www.ISAserver.org


Thanks Tom.

That's understood (hey I've got the book), but how does RRAS on ISA
itself
behave? Can I create a vpn connection there using l2tp?


Mark

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Saturday, March 29, 2003 5:43 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Howto make ISA server a VPN client
>
>
> http://www.ISAserver.org
>
>
> Hi Mark,
>
> You're welcome for the flowers ;-)
>
> ISA Server does not apply firewall policy to any VPN links.
> These include inbound VPN client connections, VPN gateway
> connections, and outbound PPTP connections from internal
> network clients to external VPN servers. So, if you want to
> establish a VPN connection from your internal SMTP server to
> your ISP, the ISA Server won't get in the way, as long as
> you're using PPTP.
>
> HTH,
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
> -----Original Message-----
> From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Sent: Friday, March 28, 2003 8:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Howto make ISA server a VPN client
>
>
> http://www.ISAserver.org
>
>
> Hi Tom,
>
> No I was not feeling like being laughed at, and thanks for the flowers
> :-)
> It seemed to me that the idea of dequeuing mails by using a
> vpn connection was considered to be hum.. inadequate to say
> the least :)
>
> I do however understand that the solutions proposed here may
> fit my needs, and I'm still reading up on that and I have to
> have a litle chat with my provider.
>
> To get back to the more theoretical question contained in my original
> mail:
> besides from any smtp issues, would it be possible to create
> a vpn connection in RRAS? Or more precisely, is any
> connection made in RRAS on the isa server itself considered
> to be "internal" or "external"? Or even somewhere in between?
> I'm a bit confused about that. If it's internal, things are
> clear - l2tp vpn wouldn't be possible...
>
> Thanks
> mark
>
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> > Sent: Wednesday, March 26, 2003 1:27 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Howto make ISA server a VPN client
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Hi Mark,
> >
> > I don't think anyone meant to laugh at you, and your
> English is better
> > than my German, and its probably better than my English! :-)
> >
> > However, maybe its ignorance on my part, but I don't see
> any way were
> > VPN would fit into this equation. Maybe I don't understand your
> > problem, but it sounds like you have an SMTP server on your network
> > that you want to dequeue messages on your ISP's SMTP
> server. If that's
> > the case, I don't see how VPN would fit into making this work.
> >
> > TRN and ETRN sound like the answer to your problem. But I
> also think
> > you need to get a dedicated IP address, or at least host
> your own SMTP
> > server and using a DDNS provider like TZO so that changing IP
> > addresses aren't a problem.
> >
> > HTH,
> > Tom
> >
> > Thomas W Shinder
> > www.isaserver.org/shinder
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp
> >
> >
> >
> > -----Original Message-----
> > From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> > Sent: Tuesday, March 25, 2003 2:02 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Howto make ISA server a VPN client
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Good morning,
> >
> > Well I'm happy to see that I can contribute some amusement
> :) I think
> > I will have to explain the problem in more detail to shed a
> light on
> > this.
> >
> > The thing is, I don't really know enough about configuring a unix
> > machine to deliver mails, that's entirely up to my
> provider. There's
> > two providers we're talking about, one being the one to
> supply dial up
> > access, the other one a smaller company which does web,
> mail and DNS
> > hosting. This one's a friend of mine, and I wanted to switch to SMTP
> > delivery a) to get rid of all the spam I receive and b) to
> > come closer to a real life scenario with my exchange server
> > which I need to do some lab work and testing.
> >
> > So the question was how to make this work. I said that ETRN
> was not an
> > option because it does not "open" a communication than rather
> > triggering a second connection. After I did some reading, I
> am not too
> > shure altogether if that's true. But anyway that's what my provider
> > said. If it's not that way and ETRN does initiate a communication,
> > then Jim's right and this would be a way to go. The FQDN could be
> > provided by a DDNS server.
> >
> > The idea of making a vpn connection of some kind came from
> a similar
> > setup with a dedicated ip and a dial-up connection. In that
> scenario,
> > the customer's (i.e. my) server is the primary mx and the
> provider is
> > the secondary mx. Using VPN would make any auth on the smtp side
> > obsolete and means very little configuration, because my provider
> > would only have to make my internal ip address the primary
> mx. You get
> > the picture?
> >
> > Jim wrote that ISA NAT doesn't handle IPSec - that would
> apply only if
> > the VPN connection is made from the exchange server right?
> That's why
> > I thought I might go this way:
> >
> > Exchange - ISA|VPN start - internet - VPN end|mail provider
> >
> > Not an option I guess, huh?
> >
> > One more thing I'd like to say: it's a good thing that
> there is such a
> > list where one can have his problems discussed, and I really do
> > appreciate your help. But for instance in this thread, I
> didn't really
> > get an answer to my original questions. I mean, this could be a
> > problem of communication, I sometimes think that I don't express
> > myself clear enough - of course english is not my native language,
> > maybe that's the reason. The ETRN problem left aside, it
> could be any
> > other scenario involving VPN and I asked the question to get a
> > better understanding on what's possible and some feedback. It
> > would be great if one of you could write a couple of lines.
> >
> > Thanks for listing
> > Mark
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> > blank email to $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> > to $subst('Email.Unsub')
> >
>
>
>
> Free Trial Software: Monitor & Manage Web Use with
> SurfControl Web Filter for MS ISA Server
> http://www.surfcontrol.com/go/zisadl1
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> Free Trial Software: Monitor & Manage Web Use with
> SurfControl Web Filter for MS ISA Server
> http://www.surfcontrol.com/go/zisadl1
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>



Free Trial Software: Monitor & Manage Web Use with SurfControl Web
Filter for MS ISA Server http://www.surfcontrol.com/go/zisadl1

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---